Lucene search

SynologyCVELIST:CVE-2019-11828

HistoryJun 30, 2019 - 12:00 a.m.

CVE-2019-11828

2019-06-3000:00:00

CWE-79

synology

www.cve.org

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

21.9%

JSON

Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CNA Affected

[
  {
    "product": "Office",
    "vendor": "Synology",
    "versions": [
      {
        "lessThan": "3.1.4-2771",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.synology.com/security/advisory/Synology_SA_19_11